Leonid Bershidsky: U.S. surveillance is not aimed at terrorists

BY LEONID BERSHIDSKYJune 25. 2013 6:47PMThe debate over the U.S. government’s monitoring of digital communications suggests that Americans are willing to allow it as long as it is genuinely targeted at terrorists. What they fail to realize is that the surveillance systems are best suited for gathering information on law-abiding citizens.

People concerned with online privacy tend to calm down when told that the government can record their calls or read their email only under special circumstances and with proper court orders. The assumption is that they have nothing to worry about unless they are terrorists or correspond with the wrong people.

The infrastructure set up by the National Security Agency, however, may only be good for gathering information on the stupidest, lowest-ranking of terrorists. The Prism surveillance program focuses on access to the servers of America’s largest Internet companies, which support such popular services as Skype, gmail and iCloud. These are not the services that truly dangerous elements typically use.

In a January 2012 report titled “Jihadism on the Web: A Breeding Ground for Jihad in the Modern Age,” the Dutch General Intelligence and Security Service drew a convincing picture of an Islamist Web underground centered around “core forums.” These websites are part of the Deep Web, or Undernet, the multitude of online resources not indexed by commonly used search engines.

The Netherlands’ security service, which couldn’t find recent data on the size of the Undernet, cited a 2003 study from the University of California at Berkeley as the “latest available scientific assessment.” The study found that just 0.2 percent of the Internet could be searched. The rest remained inscrutable and has probably grown since. In 2010, Google Inc. said it had indexed just 0.004 percent of the information on the Internet.

Websites aimed at attracting traffic do their best to get noticed, paying to tailor their content to the real or perceived requirements of search engines such as Google. Terrorists have no such ambitions. They prefer to lurk in the dark recesses of the Undernet.

“People who radicalise under the influence of jihadist websites often go through a number of stages,” the Dutch report said. “Their virtual activities increasingly shift to the invisible Web, their security awareness increases and their activities become more conspiratorial.”

Radicals who initially stand out on the “surface” Web quickly meet people, online or offline, who drag them deeper into the Web underground. “For many, finally finding the jihadist core forums feels like a warm bath after their virtual wanderings,” the report said.

When information filters to the surface Web from the core forums, it’s often by accident. Organizations such as al-Qaida use the forums to distribute propaganda videos, which careless participants or their friends might post on social networks or YouTube.

Communication on the core forums is often encrypted. In 2012, a French court found nuclear physicist Adlene Hicheur guilty of, among other things, conspiring to commit an act of terror for distributing and using software called Asrar al- Mujahideen, or Mujahideen Secrets. The program employed various cutting-edge encryption methods, including variable stealth ciphers and RSA 2,048-bit keys.

The NSA’s Prism, according to a classified PowerPoint presentation published by the Guardian, provides access to the systems of Microsoft (and therefore Skype), Facebook, Google, Apple and other U.S. Internet giants. Either these companies have provided “master keys” to decrypt their traffic — which they deny — or the NSA has somehow found other means.

Even complete access to these servers brings U.S. authorities no closer to the core forums. These must be infiltrated by more traditional intelligence means, such as using agents posing as jihadists or by informants within terrorist organizations.

Similarly, monitoring phone calls is hardly the way to catch terrorists. They’re generally not dumb enough to use Verizon. Granted, Russia’s special services managed to kill Chechen separatist leader Dzhokhar Dudayev with a missile that homed in on his satellite-phone signal. That was in 1996. Modern-day terrorists are generally more aware of the available technology.

At best, the recent revelations concerning Prism and telephone surveillance might deter potential recruits to terrorist causes from using the most visible parts of the Internet. Beyond that, the government’s efforts are much more dangerous to civil liberties than they are to al-Qaida and other organizations like it.